UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Steps to reproduce the problem:
1. Serve an HTML file loading a module script behind HTTP Basic authorization, e.g

<script type="module" src="script.js"></script>

2. Browse the file with dev tools closed

3. Open dev tools, check the script loaded successfully

4. Reload the page with dev tools open, inspect the script.js request under the Network tab which will show the Authorization header is missing and a 401 response code

What is the expected behavior?
The Authorization header is sent, the same as when dev tools is closed

What went wrong?
A site behind HTTP Basic Authorization is failing to load type="module" scripts only when dev tools is open, it seems the Authorization headers aren't being included/are stripped.

Did this work before? N/A 

Chrome version: 65.0.3325.181  Channel: stable
OS Version: 4.15.15-1-ARCH
Flash Version: